Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Protecting sensitive law enforcement agencies data - data security in the cloud

: Jakoby, A.

Liles, S. (Ed.):
9th International Conference on Cyber Warfare and Security : West Lafayette, Indiana, USA, 24 - 25 March 2014
Red Hook, NY: Curran, 2014
ISBN: 978-1-63266-062-6
International Conference on Cyber Warfare and Security (ICCWS) <9, 2014, West Lafayette/Ind.>
Fraunhofer IOSB ()
authorization; authorized data access; trusted hardware modules; encryption structure; encrypted data records; encrypted keys; adaptor keys; data encryption keys; decrypted data; sensible data; security forces; cloud; data security; sensitive law enforcement agencies data protection

The possibility to access information related to an investigation at any time and from any place is getting increasingly important for security forces, especially the police. Thus, the needs arise to store this information into a cloud. By storing sensible data in a cloud the need arises to protect these data from unauthorized access and to allow only authorized persons the access, often only within a limited time period. The conceptual paper at hand describes a technique to store data in a cloud in a secure encrypted manner and to control the access to these data and grant the access rights adapted to current requirements. Our solution to provide access to sensitive data uses a public available storage, like a cloud, and protects data by using encryption. Our main goal is that everything that can be public available has to be encrypted in such a way that only authorized peoples can get access to the decrypted data. This also applies for keys which may be stored at the cloud. To implement a secure and efficient structure to protect sensitive data we use a hierarchical key structure where the keys can be subdivided into different types: 1. data encryption keys to encrypt data 2. intermediate keys represent dependencies of data records and are used to combine these 3. adaptor keys determining the permission of users to access (atomic or combined) data records 4. personified keys owned by the different users and represent the starting point of the access structure. Lower level keys are encrypted by keys of a higher level. We assume that all encrypted keys and encrypted data records are stored in the cloud. Using this encryption structure together with trusted hardware modules we give protocols for authorized data access where authorization can be dynamically assigned to the different users.